July 24, 2020: Hi. How could I create a WireGuard tunnel which will only allow peers to browse the Internet using my home IP address? I want to block complete access to my LAN and Unraid box. I tried using the community VPN Manager interface with the firewall option to deny access to my local LAN and tunnel IP address, but the peers can still access my Unraid server's file shares and HTTP management site. Any tips? Thanks!
July 24, 2020: A WireGuard tunnel terminates on your Unraid server; you cannot deny peer access to your server unless you use a different device (router) to terminate the WG tunnel. The WG configuration has a limited firewall function to allow or deny access to other devices in your network. A simple solution would be to define your local network, e.g. 192.168.1.0/24, and deny access.
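For readers on a generic Linux host whose netfilter rules do see the WireGuard interface, the following is an added example (not from this thread, and not Unraid's or the VPN Manager plugin's own code) of the rule set that implements "Internet only" for peers: drop everything a peer sends to the host itself, drop forwarding into the LAN, and NAT the rest out of the uplink. Interface names (wg0, eth0), the LAN range 192.168.1.0/24, the Docker bridge range 172.17.0.0/16 and the tunnel range 10.253.0.0/24 are hypothetical placeholders; substitute your own.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) a minimal iptables rule set
# that lets WireGuard peers reach the Internet via this host while denying
# them access to the host's own services and to the LAN.
# All interface names and address ranges below are hypothetical placeholders.

# is_cidr A.B.C.D/N -> 0 if the argument looks like an IPv4 CIDR, else 1.
is_cidr() {
    case $1 in
        */[0-9]|*/[12][0-9]|*/3[0-2]) ;;   # prefix length 0..32
        *) return 1 ;;
    esac
    ip=${1%/*}
    case $ip in
        *[!0-9.]*) return 1 ;;             # only digits and dots allowed
    esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ]                           # exactly four octets
}

# wg_internet_only_rules WG_IF UPLINK_IF "LAN_CIDR [LAN_CIDR ...]" TUNNEL_CIDR
# Prints one command per line, in the order they must be applied.
wg_internet_only_rules() {
    wg_if=$1; up_if=$2; lans=$3; tun=$4
    is_cidr "$tun" || { echo "bad tunnel CIDR: $tun" >&2; return 1; }
    # Forwarding must be enabled for peers to leave via the uplink.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Peers get no access to the host's own services (shares, web UI).
    # The WireGuard UDP handshake arrives on the uplink, not on wg0,
    # so this rule does not break the tunnel itself.
    echo "iptables -I INPUT 1 -i $wg_if -j DROP"
    # Peers are not forwarded into any LAN range (add Docker bridges too).
    for net in $lans; do
        is_cidr "$net" || { echo "bad LAN CIDR: $net" >&2; return 1; }
        echo "iptables -I FORWARD 1 -i $wg_if -d $net -j DROP"
    done
    # Replies from the Internet may flow back into the tunnel.
    echo "iptables -A FORWARD -i $up_if -o $wg_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Anything else a peer sends may go out of the uplink only.
    echo "iptables -A FORWARD -i $wg_if -o $up_if -j ACCEPT"
    # Source-NAT the tunnel range so peers appear with the host's address.
    echo "iptables -t nat -A POSTROUTING -s $tun -o $up_if -j MASQUERADE"
}

# wg_internet_only_apply: run the generated commands if iptables exists,
# otherwise print them as a dry run and return 1.
wg_internet_only_apply() {
    if ! command -v iptables >/dev/null 2>&1; then
        echo "iptables not found; dry run:" >&2
        wg_internet_only_rules "$@" >&2
        return 1
    fi
    wg_internet_only_rules "$@" | while IFS= read -r cmd; do
        $cmd || { echo "failed: $cmd" >&2; exit 1; }   # word splitting intended
    done
}

# Example invocation (dry run on machines without iptables):
# wg_internet_only_apply wg0 eth0 "192.168.1.0/24 172.17.0.0/16" 10.253.0.0/24
```

The two DROP rules are inserted at position 1 so that a permissive default policy or an earlier ACCEPT cannot override them; after applying, `iptables -S INPUT` and `iptables -S FORWARD` should show them at the top. If peers use the host as their DNS resolver, an explicit ACCEPT for UDP/TCP 53 from the tunnel interface has to be inserted before the INPUT drop.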
July 27, 2020 (Author): I would expect that by adding a combination of firewall rules it would be possible to prevent access to any services on the Unraid host and only allow forwarding to the Internet. Edited July 27, 2020 by Geoffrey_Cleaves
July 27, 2020: The WG tunnel terminates internally to the system and bypasses the firewall (iptables) function.
July 4, 2022: On 7/27/2020 at 11:41 AM, bonienl said: "The WG tunnel terminates internally to the system and bypasses the firewall (iptables) function." Is this still the status? That is, is there no way to restrict the WireGuard clients' access to Unraid server services / dockers via iptables? Additionally, are you aware of any plans to enhance the Unraid WireGuard firewall functionality? Thank you!